By Chester Wisniewski
With 2024 fast approaching, what are the results for 2023 and what are the developments in the threat landscape for this new year? The year 2023 was marked by persistence in the tactics of cybercriminals, with the predominance of ransomware, the exploitation of vulnerabilities, theft of credentials and even attacks targeting the supply chain. The common point in all his attacks is their formidable effectiveness.
It is, therefore, essential to ask what trends will persist in 2024 and what strategies businesses should adopt to deal with these future cyber threats.
Between persistent trends and evolving cybercrime tactics
In 2024, the threat landscape is not expected to change radically, particularly with regard to attack typologies and criminal tactics and procedures. Criminal groups still primarily focus their attention on financial gains and ransomware remains their weapon of choice. These cybercriminals tend to take the easy way out by opportunistically attacking unpatched security vulnerabilities.
The recent Citrix Bleed attack demonstrated the agility of cybercriminals when it comes to quickly and effectively exploiting these new vulnerabilities. However, once patches are applied to these vulnerabilities, cyberattackers tend to revert to more common strategies of stealing credentials or, failing that, cookies or session cookies, which, while slightly slower, constitute always a proven means that allows them to penetrate within a system.
In 2024, however, we should expect increased sophistication in defense evasion tactics, particularly due to the generalization of certain technologies such as multi-factor authentication. These attacks will combine malicious proxy servers, social engineering techniques and repeated authentication request attacks or “fatigue attacks”.
AI and regulations will continue to shape cybersecurity
In 2024, the development of AI will have a positive impact on the efficiency of IT teams and security teams by enabling them to strengthen defences and work more efficiently, including through the processing of vast volumes of data in the aim of detecting anomalies. It should make it possible to respond more quickly in the event of an incident.
Indeed, analysis of attacks in 2023 showed a shortening of the time between network penetration and the triggering of a final attack – using malware or ransomware. The need for rapid detection and response tools to prevent costly incidents is therefore essential.
Finally, regulatory developments could have a major influence on measures taken against ransomware. The need to take more substantial measures could push some states to penalize the payment of ransoms, which would represent a brake on malicious actors and change the perspective of companies in the event of an attack. Other stricter legislation, such as the implementation of the European NIS2 Directive, is also expected to force companies to take additional measures, particularly regarding their abilities to collect data sets.
To protect themselves against increasingly rapid, effective and costly attacks, companies will need to strengthen their defences by equipping themselves with tools that allow them to detect and respond to incidents more quickly. The worsening cybersecurity talent shortage does not appear to be as serious as some studies claim. On the contrary, companies have implemented more lax hiring criteria and more open-mindedness in the recruitment process.
From this perspective, to guarantee their survival in a constantly evolving threat landscape, companies have every interest in establishing partnerships with cybersecurity experts whose main mission is to make the hyperconnected world safer, to advise and assist them. in setting up effective defences.
Chester Wisniewski is a director Global Field CTO, Sophos